Extracted

• • Target

    36b0513b842d6c85465e34290025ee9e68679d4af2893e65ece8513b60a3ec4a

  • Size

    1.0MB

  • MD5

    2d063786497dd5c92880c50fcbd06da8

  • SHA1

    bb4e22c70a01e0a668dc81a4de570456ddcd2ac2

  • SHA256

    36b0513b842d6c85465e34290025ee9e68679d4af2893e65ece8513b60a3ec4a

  • SHA512

    af33c96f7be110dc3c4eb4ce683f475ba9f846dc1e939a9b22ab9692a782ce86ce3148d72b231b72063b5570825cf9ec5f8a095fe1c970f8f26c2a704e84301f

  • SSDEEP

    24576:pyOMn5zh1JHnOQkqxf259KZZ1Ry+Vxml+zk0PJ6/0/Cr9t:cOyz9nXkqxf259KZZWWxmkk0PJ6/0

  Score

  10^/10

  redlinemolsdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1